Java Code Examples for com.google.api.client.googleapis.auth.oauth2.GoogleIdToken#Payload

The following examples show how to use com.google.api.client.googleapis.auth.oauth2.GoogleIdToken#Payload . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: GoogleIdTokenVerifierTest.java    From styx with Apache License 2.0 6 votes vote down vote up
private String createToken() throws GeneralSecurityException, IOException {
  var issuedAt = Instant.now().getEpochSecond();
  var expiredAt = issuedAt + 3600; // One hour later
  var payload = new GoogleIdToken.Payload();
  payload.setAuthorizedParty("103411466401044735393");
  payload.setEmail("some.email@project.iam.gserviceaccount.com");
  payload.setEmailVerified(true);
  payload.setIssuedAtTimeSeconds(issuedAt);
  payload.setExpirationTimeSeconds(expiredAt);
  payload.setIssuer("https://accounts.google.com");
  payload.setSubject("103411466401044735393");
  GenericJson googleMetadata = new GenericJson()
      .set("compute_engine", new GenericJson()
                                 .set("instance_creation_timestamp", 1556025719L)
                                 .set("instance_id", "5850837338805153689")
                                 .set("instance_name", "gew1-metricscatalogbro-b-b7z2")
                                 .set("project_id", "metrics-catalog")
                                 .set("project_number", 283581591831L)
                                 .set("zone", "europe-west1-d")
      );
  payload.set("google", googleMetadata);

  var header = new JsonWebSignature.Header().setAlgorithm("RS256");
  return JsonWebSignature.signUsingRsaSha256(privateKey, Utils.getDefaultJsonFactory(), header, payload);
}
 
Example 2
Source File: SocialLogin.java    From PYX-Reloaded with Apache License 2.0 5 votes vote down vote up
@Contract("null -> null")
@Nullable
public GoogleIdToken.Payload verifyGoogle(String tokenStr) throws BaseCahHandler.CahException {
    if (tokenStr == null) return null;

    try {
        GoogleIdToken token = googleHelper.verify(tokenStr);
        return token == null ? null : token.getPayload();
    } catch (GeneralSecurityException | IOException ex) {
        throw new BaseCahHandler.CahException(Consts.ErrorCode.GOOGLE_ERROR, ex);
    }
}
 
Example 3
Source File: GoogleAccount.java    From PYX-Reloaded with Apache License 2.0 4 votes vote down vote up
public GoogleAccount(ResultSet user, GoogleIdToken.Payload token) throws SQLException, ParseException {
    super(user, token.getEmailVerified());

    subject = user.getString("google_sub");
}
 
Example 4
Source File: GoogleAccount.java    From PYX-Reloaded with Apache License 2.0 4 votes vote down vote up
public GoogleAccount(String nickname, GoogleIdToken.Payload token) {
    super(nickname, token.getEmail(), Consts.AuthType.GOOGLE, token.getEmailVerified(), (String) token.getOrDefault("picture", null));

    this.subject = token.getSubject();
}
 
Example 5
Source File: CreateAccountHandler.java    From PYX-Reloaded with Apache License 2.0 4 votes vote down vote up
@NotNull
@Override
public JsonWrapper handle(User user, Parameters params, HttpServerExchange exchange) throws BaseJsonHandler.StatusException {
    if (banList.contains(exchange.getHostName()))
        throw new BaseCahHandler.CahException(Consts.ErrorCode.BANNED);

    PreparingShutdown.get().check();

    String nickname = params.getStringNotNull(Consts.UserData.NICKNAME);
    if (!Pattern.matches(Consts.VALID_NAME_PATTERN, nickname))
        throw new BaseCahHandler.CahException(Consts.ErrorCode.INVALID_NICK);
    if (connectedUsers.hasUser(nickname) || accounts.hasNickname(nickname))
        throw new BaseCahHandler.CahException(Consts.ErrorCode.NICK_IN_USE);

    UserAccount account;
    Consts.AuthType type;
    try {
        type = Consts.AuthType.parse(params.getStringNotNull(Consts.GeneralKeys.AUTH_TYPE));
    } catch (ParseException ex) {
        throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST, ex);
    }

    switch (type) {
        case PASSWORD:
            if (!emails.enabled()) throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            String email = params.getStringNotNull(Consts.UserData.EMAIL);
            if (email.isEmpty()) throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST);

            if (accounts.hasEmail(email)) throw new BaseCahHandler.CahException(Consts.ErrorCode.EMAIL_IN_USE);

            String password = params.getStringNotNull(Consts.AuthType.PASSWORD);
            if (password.isEmpty()) throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST);

            account = accounts.registerWithPassword(nickname, email, password);
            emails.sendEmailVerification(account);
            break;
        case GOOGLE:
            if (!socialLogin.googleEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            GoogleIdToken.Payload googleToken = socialLogin.verifyGoogle(params.getStringNotNull(Consts.AuthType.GOOGLE));
            if (googleToken == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.GOOGLE_INVALID_TOKEN);

            if (accounts.hasEmail(googleToken.getEmail()))
                throw new BaseCahHandler.CahException(Consts.ErrorCode.EMAIL_IN_USE);

            account = accounts.registerWithGoogle(nickname, googleToken);
            break;
        case FACEBOOK:
            if (!socialLogin.facebookEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            FacebookToken facebookToken = socialLogin.verifyFacebook(params.getStringNotNull(Consts.AuthType.FACEBOOK));
            if (facebookToken == null)
                throw new BaseCahHandler.CahException(Consts.ErrorCode.FACEBOOK_INVALID_TOKEN);

            FacebookProfileInfo facebookInfo = socialLogin.infoFacebook(facebookToken.userId);
            if (accounts.hasEmail(facebookInfo.email))
                throw new BaseCahHandler.CahException(Consts.ErrorCode.EMAIL_IN_USE);

            account = accounts.registerWithFacebook(nickname, facebookToken, facebookInfo);
            break;
        case GITHUB:
            if (!socialLogin.githubEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            String githubToken = params.getString(Consts.AuthType.GITHUB);
            if (githubToken == null)
                throw new BaseCahHandler.CahException(Consts.ErrorCode.GITHUB_INVALID_TOKEN);

            GithubProfileInfo githubInfo = socialLogin.infoGithub(githubToken);
            if (accounts.hasEmail(githubInfo.email))
                throw new BaseCahHandler.CahException(Consts.ErrorCode.EMAIL_IN_USE);

            account = accounts.registerWithGithub(nickname, githubInfo);
            break;
        case TWITTER:
            if (!socialLogin.twitterEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            String twitterTokens = params.getString(Consts.AuthType.TWITTER);
            if (twitterTokens == null)
                throw new BaseCahHandler.CahException(Consts.ErrorCode.TWITTER_INVALID_TOKEN);

            TwitterProfileInfo twitterInfo = socialLogin.infoTwitter(twitterTokens);
            if (accounts.hasEmail(twitterInfo.email))
                throw new BaseCahHandler.CahException(Consts.ErrorCode.EMAIL_IN_USE);

            account = accounts.registerWithTwitter(nickname, twitterInfo);
            break;
        default:
            throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST);
    }

    return account.toJson();
}
 
Example 6
Source File: RegisterHandler.java    From PYX-Reloaded with Apache License 2.0 4 votes vote down vote up
@NotNull
@Override
public JsonWrapper handle(@Nullable User user, Parameters params, HttpServerExchange exchange) throws BaseJsonHandler.StatusException {
    if (banList.contains(exchange.getHostName()))
        throw new BaseCahHandler.CahException(Consts.ErrorCode.BANNED);

    PreparingShutdown.get().check();

    Consts.AuthType type;
    try {
        type = Consts.AuthType.parse(params.getStringNotNull(Consts.GeneralKeys.AUTH_TYPE));
    } catch (ParseException ex) {
        throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST, ex);
    }

    UserAccount account;
    String nickname;
    switch (type) {
        case PASSWORD:
            nickname = params.getStringNotNull(Consts.UserData.NICKNAME);
            if (!Pattern.matches(Consts.VALID_NAME_PATTERN, nickname))
                throw new BaseCahHandler.CahException(Consts.ErrorCode.INVALID_NICK);

            account = accounts.getPasswordAccountForNickname(nickname);
            if (account == null) { // Without account
                user = new User(nickname, exchange.getHostName(), Sessions.generateNewId());
            } else {
                String password = params.getStringNotNull(Consts.AuthType.PASSWORD);
                if (password.isEmpty() || !BCrypt.checkpw(password, ((PasswordAccount) account).hashedPassword))
                    throw new BaseCahHandler.CahException(Consts.ErrorCode.WRONG_PASSWORD);

                user = User.withAccount(account, exchange.getHostName());
            }
            break;
        case GOOGLE:
            if (!socialLogin.googleEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            GoogleIdToken.Payload googleToken = socialLogin.verifyGoogle(params.getStringNotNull(Consts.AuthType.GOOGLE));
            if (googleToken == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.GOOGLE_INVALID_TOKEN);

            account = accounts.getGoogleAccount(googleToken);
            if (account == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.GOOGLE_NOT_REGISTERED);

            nickname = account.username;
            user = User.withAccount(account, exchange.getHostName());
            break;
        case FACEBOOK:
            if (!socialLogin.facebookEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            FacebookToken facebookToken = socialLogin.verifyFacebook(params.getStringNotNull(Consts.AuthType.FACEBOOK));
            if (facebookToken == null)
                throw new BaseCahHandler.CahException(Consts.ErrorCode.FACEBOOK_INVALID_TOKEN);

            account = accounts.getFacebookAccount(facebookToken);
            if (account == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.FACEBOOK_NOT_REGISTERED);

            nickname = account.username;
            user = User.withAccount(account, exchange.getHostName());
            break;
        case GITHUB:
            if (!socialLogin.githubEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            String githubToken = params.getStringNotNull(Consts.AuthType.GITHUB);

            GithubProfileInfo githubInfo = socialLogin.infoGithub(githubToken);
            account = accounts.getGithubAccount(githubInfo);
            if (account == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.GITHUB_NOT_REGISTERED);

            nickname = account.username;
            user = User.withAccount(account, exchange.getHostName());
            break;
        case TWITTER:
            if (!socialLogin.twitterEnabled())
                throw new BaseCahHandler.CahException(Consts.ErrorCode.UNSUPPORTED_AUTH_TYPE);

            String twitterTokens = params.getStringNotNull(Consts.AuthType.TWITTER);

            TwitterProfileInfo twitterInfo = socialLogin.infoTwitter(twitterTokens);
            account = accounts.getTwitterAccount(twitterInfo);
            if (account == null) throw new BaseCahHandler.CahException(Consts.ErrorCode.TWITTER_NOT_REGISTERED);

            nickname = account.username;
            user = User.withAccount(account, exchange.getHostName());
            break;
        default:
            throw new BaseCahHandler.CahException(Consts.ErrorCode.BAD_REQUEST);
    }

    User registeredUser = users.checkAndAdd(user);
    if (registeredUser != null) user = registeredUser;
    exchange.setResponseCookie(new CookieImpl("PYX-Session", Sessions.get().add(user)));

    return new JsonWrapper()
            .add(Consts.UserData.NICKNAME, nickname)
            .add(Consts.UserData.IS_ADMIN, user.isAdmin());
}
 
Example 7
Source File: UsersWithAccount.java    From PYX-Reloaded with Apache License 2.0 4 votes vote down vote up
@NotNull
public GoogleAccount registerWithGoogle(@NotNull String nickname, @NotNull GoogleIdToken.Payload token) {
    GoogleAccount account = new GoogleAccount(nickname, token);
    addAccount(account);
    return account;
}